QI Quadriga Initiative

Mar 2025 - 1Inch Resolve Order Suffix Integer Overflow Vulnerability - $5m (Global)

"One-stop access to decentralized finance"

"Optimize your trades across hundreds of DEXes on multiple networks"

"A tool for swapping tokens across any network and placing on-chain limit orders securely, at the best rate."

"The most powerful mobile app for managing your assets and exploring Web3."

"A cutting-edge tracking tool offering accurate, detailed and well-organized crypto portfolio information."

"1inch is dedicated to advancing a secure and compliant DeFi ecosystem. By uniting with forefront security and compliance specialists, we set the standard for safety and compliance, ensuring our users navigate the DeFi space with confidence."

"The exploit targeted a third-party resolver contract integrated with the Fusion V1 protocol. 1inch Fusion is an efficient gasless swap protocol built on top of 1inch Limit Order Protocol. Fusion V1 was deprecated mid-2023 but was not destructed for the purpose of backwards compatibility for the users who still needed the old version."


"The attacker used the following approach:

Create a normal order swapping a few wei for millions USD.
Pad it with null-bytes.
Specify an invalid interactionLength value (0xffff…fe00 = -512).
Add a fake suffix structure as an interaction."

"The final tally: TrustedVolumes got most of their $4.5M back minus the 10% 'bounty' the attacker kept ($450K), while smaller market makers collectively lost around $500K."

Further Analysis

1inch, a decentralized finance platform, offers tools for optimizing trades across multiple networks, swapping tokens, and managing assets securely, while also emphasizing its commitment to security and compliance. The platform's older Fusion V1 protocol, though deprecated, was left live for backwards compatibility, and an attacker exploited a bug in the resolver contract to drain millions of dollars. Despite several audits, the flaw remained undetected for over two years. After a series of negotiations, most of the stolen funds were returned, minus a 10% bounty.
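The calldata-parsing flaw behind the attack steps quoted above, as an added, simplified model that is not 1inch's code: a suffix pointer computed from a caller-supplied interactionLength with wrapping 256-bit arithmetic and no bounds check, so a length of 0xff…fe00 moves the pointer backwards into the null-padded order, beside a hardened variant with the check that rejects it. The layout, field sizes, function names and sample bytes are assumptions constructed for this example.

```python
# Simplified model (NOT 1inch's code): suffix pointer computed with wrapping
# EVM word arithmetic and no bounds check, beside a checked variant.
# Layout, sizes and names are assumptions for this example.
SUFFIX_LEN = 64           # assumed size of the trailing suffix structure
MASK256 = (1 << 256) - 1  # EVM add/sub wrap modulo 2**256

def read_word(calldata: bytes, off: int) -> int:
    # calldataload: one big-endian 32-byte word
    return int.from_bytes(calldata[off:off + 32], "big")

def locate_suffix_unchecked(calldata: bytes, length_off: int) -> bytes:
    """Yul-style: last SUFFIX_LEN bytes of the interaction, pointer wraps."""
    n = read_word(calldata, length_off)  # caller-controlled interactionLength
    start = (length_off + 32 + n - SUFFIX_LEN) & MASK256
    return calldata[start:start + SUFFIX_LEN]

def locate_suffix_checked(calldata: bytes, length_off: int) -> bytes:
    """Hardened: length must cover the suffix and stay inside calldata."""
    n = read_word(calldata, length_off)
    end = length_off + 32 + n
    if n < SUFFIX_LEN or end > len(calldata):
        raise ValueError("invalid interactionLength")
    return calldata[end - SUFFIX_LEN:end]

def build_calldata(order: bytes, length_word: int, interaction: bytes) -> bytes:
    return order + length_word.to_bytes(32, "big") + interaction

# Constructed sample: a well-formed call, order || length word || interaction.
LEGIT_ORDER = bytes(range(128))
REAL_SUFFIX = b"R" * SUFFIX_LEN
INTERACTION = b"\xaa" * 32 + REAL_SUFFIX
LEGIT = build_calldata(LEGIT_ORDER, len(INTERACTION), INTERACTION)

# Constructed sample: length word 0xff..fe00 (-512 as a signed word); the order
# holds a fake suffix plus 480 null bytes so the wrapped pointer lands on it.
FAKE_SUFFIX = b"F" * SUFFIX_LEN
NEG_512 = (1 << 256) - 512
EVIL_ORDER = LEGIT_ORDER + FAKE_SUFFIX + b"\x00" * 480
EVIL = build_calldata(EVIL_ORDER, NEG_512, INTERACTION)

def demo() -> dict:
    out = {
        "legit_unchecked": locate_suffix_unchecked(LEGIT, len(LEGIT_ORDER)) == REAL_SUFFIX,
        "legit_checked": locate_suffix_checked(LEGIT, len(LEGIT_ORDER)) == REAL_SUFFIX,
        "evil_unchecked_uses_fake": locate_suffix_unchecked(EVIL, len(EVIL_ORDER)) == FAKE_SUFFIX,
    }
    try:
        locate_suffix_checked(EVIL, len(EVIL_ORDER))
        out["evil_checked_rejected"] = False
    except ValueError:
        out["evil_checked_rejected"] = True
    return out
```

The unchecked parser returns the fake suffix for the malformed call while the checked parser rejects the length outright; in the real contract the equivalent check is a bound on interactionLength against the actual calldata size.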

How Could This Have Been Prevented?

